
Re: [Xen-users] PV privilege escalation - advisory

On 15/06/12 00:51, Fajar A. Nugraha wrote:
> Also, even if that were the case, there's the issue of "how do you
> make sure your domUs ONLY use the safe kernel if the domU is not
> within your control and it boots with pygrub/pvgrub" (which roughly
> means your users can change the running kernel with their own,
> possibly "unsafe" kernel).

My understanding (and I may be wrong) is that patching either the
hypervisor or the domU kernel mitigates the vulnerability, so if you
patch the hypervisor then you don't have to worry about someone trying
to exploit it with a vulnerable kernel.

It's not too hard to rebuild the .src.rpm to include the patch. I've
already done it myself with the mayoung packages for RHEL6.

